xserver: Branch 'master' - 3 commits

Fri Jun 26 15:16:50 PDT 2009

Xext/xselinux.c     |    4 ++++
 dix/property.c      |   32 ++++++++++++++++++++++----------
 include/dixaccess.h |    1 +
 3 files changed, 27 insertions(+), 10 deletions(-)

New commits:
commit 31166c2ae0ce898c96995a8b16b58b127dc85a2f
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Fri Jun 26 16:51:22 2009 -0400

    xace: add a new hook for checking property content after it has been set.
    
    Allows security modules to enforce what property contents can be set by
    clients.  Uses the new DixPostAccess bit to distinguish between the
    existing call made during the lookup (with the old property data) and
    this new call.  Note that this only applies to writes, prepends, or
    appends to existing properties; for new properties the existing
    DixCreateAccess hook call may be used since it includes the new data.
    
    Refer to the XACE-Spec document in xorg-docs, section "Property Access."
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/dix/property.c b/dix/property.c
index 0929dca..9aaf248 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -253,6 +253,7 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
 			pointer value, Bool sendevent)
 {
     PropertyPtr pProp;
+    PropertyRec savedProp;
     int sizeInBytes, totalSize, rc;
     pointer data;
     Mask access_mode;
@@ -307,15 +308,16 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
 	    return(BadMatch);
         if ((pProp->type != type) && (mode != PropModeReplace))
             return(BadMatch);
+
+	/* save the old values for later */
+	savedProp = *pProp;
+
         if (mode == PropModeReplace)
         {
-	    if (totalSize != pProp->size * (pProp->format >> 3))
-	    {
-	    	data = (pointer)xrealloc(pProp->data, totalSize);
-	    	if (!data && len)
-		    return(BadAlloc);
-            	pProp->data = data;
-	    }
+	    data = xalloc(totalSize);
+	    if (!data && len)
+		return(BadAlloc);
+	    pProp->data = data;
 	    if (len)
 		memmove((char *)pProp->data, (char *)value, totalSize);
 	    pProp->size = len;
@@ -328,10 +330,10 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
 	}
         else if (mode == PropModeAppend)
         {
-	    data = (pointer)xrealloc(pProp->data,
-				     sizeInBytes * (len + pProp->size));
+	    data = xalloc((pProp->size + len) * sizeInBytes);
 	    if (!data)
 		return(BadAlloc);
+	    memcpy(data, pProp->data, pProp->size * sizeInBytes);
             pProp->data = data;
 	    memmove(&((char *)data)[pProp->size * sizeInBytes], 
 		    (char *)value,
@@ -346,10 +348,20 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
 	    memmove(&((char *)data)[totalSize], (char *)pProp->data, 
 		  (int)(pProp->size * sizeInBytes));
             memmove((char *)data, (char *)value, totalSize);
-	    xfree(pProp->data);
             pProp->data = data;
             pProp->size += len;
 	}
+
+	/* Allow security modules to check the new content */
+	access_mode |= DixPostAccess;
+	rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode);
+	if (rc == Success)
+	    xfree(savedProp.data);
+	else {
+	    xfree(pProp->data);
+	    *pProp = savedProp;
+	    return rc;
+	}
     }
     else
 	return rc;
commit 51105de9b0d865c4b5e5a7d9ab23c89d808d1cfa
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Fri Jun 26 16:50:12 2009 -0400

    xselinux: ignore property hook calls with the new Post access mode bit set.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 9898b29..8054230 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -913,6 +913,10 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     security_id_t tsid;
     int rc;
 
+    /* Don't care about the new content check */
+    if (rec->access_mode & DixPostAccess)
+	return;
+
     subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
     obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
 
commit 10812204b3415c969bcebd3215e84d758a0b4dd8
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Fri Jun 26 16:48:24 2009 -0400

    dix: add a new DixAccess bit, "DixPostAccess".
    
    This will be used for follow-up checks after a client has written something,
    for security modules that enforce a set of valid values a client can set.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/include/dixaccess.h b/include/dixaccess.h
index 3c62ee3..7180acd 100644
--- a/include/dixaccess.h
+++ b/include/dixaccess.h
@@ -49,5 +49,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define DixManageAccess		(1<<25)	/* manage object */
 #define DixDebugAccess		(1<<26)	/* debug object */
 #define DixBellAccess		(1<<27)	/* audible sound */
+#define DixPostAccess		(1<<28) /* post or follow-up call */
 
 #endif /* DIX_ACCESS_H */
